CORS

Why is auth:api blocking cors in laravel?

Axios refers to laravel

const sessionid = localStorage.getItem('sessionid');
 const headers = {
                Authorization: 'Bearer ' + sessionid,
                'Content-type': 'application/json'
            }

responseApi = axios({
                    method: 'get',
                    url: 'http://127.0.0.1:8000/api/v1/companies',
                    headers: headers,
                });

On the server such routing

Route::group(['middleware' => [ 'cors', 'auth:api']], function() {
    Route::resource('v1/companies', 'CompanyAPIController');
});

And here is a middleware Cors

class Cors
{
    public function handle($request, Closure $next)
    {
        $response = $next($request);
        return $response
            ->header('Access-Control-Allow-Origin', '*')
            ->header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE')
            ->header('Access-Control-Request-Headers', 'X-Authentication, Authorization')
            ->header('Access-Control-Allow-Headers', 'Content-Type, X-Auth-Token, Origin');
    }
}

If you do not pass headers to axios and remove the auth: api middleware, then everything starts working fine. But with headers and auth:api I get a block from cors https://w6p.ru/OTdhYTd.jpg

Why is this happening and how can I avoid it? this is the answer I get in the

browser